50 matches found
CVE-2025-47917
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names takes a head argument that is documented as an output argument. The documentation does not suggest that the function...
CVE-2025-20201
CVE-2025-20201 concerns a privilege-escalation vulnerability in the CLI of Cisco IOS XE Software. The issue stems from insufficient input validation when processing certain configuration commands, allowing an authenticated local attacker with privilege level 15 to elevate to root on the device’s ...
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...
MAL-2022-6624 Malicious code in tracking-pixel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c716881c807de2fd9c60dcb6d0fe33b8a7dc68df7808c9d5e277cc8bfdc1398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SPIP 3.1.2 Cross Site Request Forgery
SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability...
WORK System E-Commerce <= 3.0.1 - Remote Include Vulnerability
No description provided by source. WORK System E-Commerce ginclude Remote File Inclusion Vulnerability ...
Python CGIHTTPServer Encoded Path Traversal Vulnerability
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.
Important: nrpe
Issue Overview: DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It ha...
CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...
Enghouse Interactive IVR Pro (VIP2000) Remote Root
XPD - XPD Advisory https://xpd.se Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass Vulnerability Advisory ID: XPD-2013-001 CVE reference: CVE-2013-6838 Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...
FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities
FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities Document Title: FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1170 Release Date: 2013-12-16 Vulnerability...
Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities
The Wordpress videowhisper-live-streaming-integration Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities Author : Iranian Exploit...
WordPress Category-Grid-View-Gallery XSS
Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected] Home : http://exploit.iedb.ir Software Link : http://wordpress.org/...
Fronk Design SQL Injection
Exploit Title : fronk Cms Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/forum Software Link : http://www.fronk.cz/ Security Risk : High Version : All Version Tested on : win7 Dork : intext:"Design and implementation FRONK Design" Expl0iTs :...
Essential Website Design CMS SQL Injection
Exploit Title : essentialwebsitedesign Cms Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.essentialwebsitedesign.net Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork :...
Cinotas CMS SQL Injection
Exploit Title : cinotas Cms Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.cinotas.co.za/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork : intext:"Website development...
Plump Digital CMS SQL Injection
Exploit Title : Plump Digital Cms Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : www.plumpdigital.co.uk Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork : "site by Plump Digital"...
Ajaxmint-Gallery v1.0 <= CSRF Change Admin Password
Exploit for php platform in category web applications ...
D-Link DSL-2640U PPoE Data Disclosure (ADSL Router)
Exploit for hardware platform in category web applications Exploit Title:...
Uiga FanClub SQL Injection
Exploit Title : Uiga FanClub Sql Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Version : All Version Vendor : www.uiga.com Contact : [email protected] , [email protected] Security Risk : High Dork : intitle:"Uiga FanClub"...